Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 47565 - pam_ssh 1.9 does not work with gdm + security hole
Summary: pam_ssh 1.9 does not work with gdm + security hole
Status: RESOLVED UPSTREAM
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: High trivial (vote)
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-04-11 18:29 UTC by red0x
Modified: 2011-10-30 22:40 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description red0x 2004-04-11 18:29:52 UTC 
pam_ssh does not work with gdm.  When logging into gdm, it hangs X, which will not start. Plus, if you ssh keys aren't encrypted, it allows any password to login, which is bad news.  This package needs some serious work.  This one may need to go upstream.
Comment 1 solar (RETIRED) gentoo-dev 2004-04-11 21:30:00 UTC 
red0x
Send it upstream, then come back and reopen the bug 
when you have more information that can be used to 
resolve your issue.
Comment 2 Andrew J. Korty 2004-04-12 08:48:39 UTC 
I consider this more of a security hole in the user's configuration than in pam_ssh itself.  But if people are going to be accidentally leaving their keys unencrypted, it makes sense to disallow blank passwords by default.  I've released version 1.91 with this change plus an option to revert to the old behavior.  I'll attach the updated ebuild to this ticket.

I can't reproduce the GDM bug, so I'll need a lot more information.
Comment 3 Andrew J. Korty 2004-04-12 10:28:17 UTC 
Turns out the ebuild doesn't change at all -- just rename it and bump the version number.  The password prompt patch might have some whitespace issues, though.